<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>
Options Active Scan Input Vectors screen
</title>
</head>
<body bgcolor="#ffffff">
<h1>Options Active Scan Input Vectors screen</h1>
<p>
This screen allows you to configure the <a href="../../../start/concepts/ascan.html">active scan</a> input vectors.<br>
These are the elements that the active scanner will attack.<br>
Scanning all of the elements supported will take longer, but not scanning some elements may cause some vulnerabilities to be missed.

<h3>Injectable Targets</h3>
The request elements that the active scanner will target:

<h4>URL Query String & Data Driven Nodes</h4>
Key value pairs in the request URL query, ie after the <code>?</code>.<br>
If there are no query parameters then an arbitrary one will be tested.  
If <a href="../../../start/concepts/ddc.html">Data Driven Nodes</a> are defined within a Context they will be tested.
<h4>POST Data</h4>
Key value pairs in the request POST data.

<h4>URL Path</h4>
Path elements in the request URL, ie the elements separated by <code>/</code>.

<h4>HTTP Headers</h4>
Request HTTP Headers.

<h5>All Requests</h5>
Allows to scan the HTTP Headers of all requests. Not just requests that send parameters, through the query or request body.

<h4>Cookie Data</h4>
Request cookies.

<h3>Build-in Input Vector Handlers</h3>
The data formats that the active scanner will target:

<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>Multipart Form Data</td><td></td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>XML tag/attribute</td><td></td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>JSON</td><td></td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>Google Web Toolkit</td><td></td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>OData id/filter</td><td></td></tr>
</table>


<h3>Skripr Daxili Vektorlarını aktiv et</h3>
If this option is selected then the active scanner will use any enabled script input vectors.<br>
Script input vectors are scripts which you have written or imported into ZAP and allow you to target elements 
which are not supported by default.

<p>
This screen also allows you to configure the parameters which will be ignored by the active scanner.

<h2>See also</h2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="../../overview.html">UI Overview</a></td><td>for an overview of the user interface</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="options.html">Options dialogs</a></td><td>for details of the other Options dialog screens</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="ascaninput.html">Aktiv skan Daxil olunan vektorlar</a></td><td></td></tr>
</table>

</body>
</html>
